Internet

I have been having a problem with Plesk 10.4.4 using Postfix and the Plesk Spamassassin:
Mails from SASL Authenticated local domain users was being tagged as Spam by Spamassassin, with, amongst others, RCVD_IN_PBL.

I fixed this by doing two things:

1) adding the following to the /etc/postfix/main.cfsmtpd_sasl_authenticated_header = yes

AND

2) adding the following to /etc/mail/spamassassin/local.cf (replace your.host.name with your hosts FQDN that shows up in mail headers)header SASL_AUTH_RCVD Received =~ /\(Authenticated sender: .*@.*\) by your.host.name \(Postfix\) with/score SASL_AUTH_RCVD -10describe SASL_AUTH_RCVD received from SASL authenticated user

Ever since I started using Lastpass Premium, I have been using Two-Factor Authentication (TFA). First with printed OTPs, then Google Authenticator on my Android.

The only reason why I thusfar not considered using Yubikey as my TFA was the missing ability to use it on my android phone. But especially on the PHONE I want TFA, because it is in much higher danger of being stolen. But the traditional Yubikeys dont work on phones.

But the guys @ Yubico came up with the Yubikey Neo (http://yubico.com/yubikey-neo)

The Yubikey Neo is NFC-enabled and works perfectly in tandem with my Samsung Galaxy Nexus. I can now safely use Lastpass on my Android with TFA, and I don’t have to worry about the security of my passwords when my phone gets stolen.

Then select URI record type, identifier=https:// and URI string lastpass.com/mobile/?otp=

press NEXT twice to get to the programming page and press the RUN button to write the NDEF2 string to your YubiKey NEO.

Enjoy (make sure you have the Lastpass App installed on your Phone)

The Yubikey Neo can be used on any Computer like a normal Yubikey and on any NFC enabled phone. Fantastic, isn’t it ?

~~ sebastian

Update 1, 13.03.2012: Thanks to a comment from Evelina @ Yubico, I changed the above howto to include the need to change your lastpass account settings to “disallow” mobile access. This setting will enforce the YubiKey TFA on mobile devices.